From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: lux Newsgroups: gmane.emacs.devel Subject: Re: Request to backport fix for CVE-2022-45939 to Emacs 28 Date: Tue, 14 Feb 2023 13:07:44 +0800 Message-ID: References: <85f35c42-cfe8-44a7-a9c1-307acc5c17d4@Spark> <09998122-0110-454f-94d1-e29c37b833f4@Spark> <83sff9e1is.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="=-nKH7LaXdMfF/x3awfIan" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="3150"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Evolution 3.46.3 (3.46.3-1.fc37) Cc: emacs-devel@gnu.org To: Eli Zaretskii , Troy Hinckley Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Tue Feb 14 06:08:43 2023 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pRnYY-0000Zg-1Q for ged-emacs-devel@m.gmane-mx.org; Tue, 14 Feb 2023 06:08:42 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pRnXv-0008QQ-O4; Tue, 14 Feb 2023 00:08:03 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pRnXu-0008Q9-NZ for emacs-devel@gnu.org; Tue, 14 Feb 2023 00:08:02 -0500 Original-Received: from out162-62-57-64.mail.qq.com ([162.62.57.64]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pRnXq-0004A6-JT; Tue, 14 Feb 2023 00:08:02 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512; t=1676351267; bh=58w8e/GWXeH97IXwcQkHCKImcE5/USuzTUqc5JkT6Jk=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=q5V2yiYoNPRUpzaNsKCA0bix68Nxm1y52XlR5V5A3vnDRaa+PheEF20k0WrMNo49y 6fbY6J4/+1X0DnNHreIsjziSxwnSkI4DfQTzQzfhWeFIy8ILDW0tZ1M1QdLI0fxrGO XMTBhcUr3PGgGUW7CI+OTKBQk1dlkDz77agwXOCE= Original-Received: from [10.8.192.150] ([140.210.194.131]) by newxmesmtplogicsvrszc2-0.qq.com (NewEsmtp) with SMTP id 1ECA84A6; Tue, 14 Feb 2023 13:07:44 +0800 X-QQ-mid: xmsmtpt1676351264tq5efr6ed X-QQ-XMAILINFO: MFWpArBVhhGT5vHXsGz2oPagvZzdZuZHcxdBVtdrZD+kYDglwSHsVi20DtsoMm +X21+mZyzvLkCO2zl95WQu1d6AoK8YchPu3FfXi0Rc4j53FRqaajnF+7/7nUFSf/rFjKFBCndD+b GdNXt5Wd/Rs/UEZQvAWXUiNqSVqfSw1BACz3iwoFUId1im7yc9mfYgq1NMftKlaTquX+9gYOzH0c 0q/soxNJWTMrsiwA2JbYeOCXdKYc3d0Cr0mTTYCFToKVMhbWxMOGyt3mBs480I7t7HH2ZsXoqdlZ g7EkpKBoj989hVbFJpQChLyGiixKMNlRFhj3A6PpWvrg28/vCMTQrWNF2cyFdmhTbExmrweOthUb ys0NTy7oX9zGzwpzhS+ybmg9zhAk6grC9/05xkbS2brY4lgIW9ZMSsDniQ1z0jqDXzz9gOwB/Yxn h59s+6jSpyeMRSroWNfc9s013jh1Y3hWRXeihe/sVJw/7he6rMSSaFAffw2Ht5XchATvWnDwtlFw w6o5Oy4oy0gvv0lGytz9GSM9hUoTNJpwXQETsSG4JzHo8gealPUuctNurxYYEf07uuFJZhvQq6EN bweR5tNeFiAZ2hwOpCU9yKWRjgglA6WMPoMYDZuZX5B2khrw9g3Uh0jGrJIAyjSSizsfsBctKYtq ddndBoJ0fV3PZdA9tOIwtmxKiWcBSKRwte2Q9zcuIZ6f66QNbAChSXfqSFpDNRIhH5z2HB5zLzSW ROH1a40iyLp4+iW4/xXEpKKmcVABfkzhfR+D0H6IMuIC20N/xa/nD1du1Yd+gWpKifLbNJP7HG4B 2ZvnNyI7hM62qCbT1z4+C0l6EFNCsrVssRyU6hSo X-OQ-MSGID: In-Reply-To: <83sff9e1is.fsf@gnu.org> Received-SPF: none client-ip=162.62.57.64; envelope-from=lx@shellcodes.org; helo=out162-62-57-64.mail.qq.com X-Spam_score_int: 10 X-Spam_score: 1.0 X-Spam_bar: + X-Spam_report: (1.0 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HELO_DYNAMIC_IPADDR=1.951, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RDNS_DYNAMIC=0.982, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=no autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:303258 Archived-At: --=-nKH7LaXdMfF/x3awfIan Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, 2023-02-13 at 22:47 +0200, Eli Zaretskii wrote: > > Date: Mon, 13 Feb 2023 12:15:50 -0600 > > From: Troy Hinckley > >=20 > > My company will not allow an install of Emacs 28 due to CVE-2022- > > 45939. There is a patch for this in the > > master branch, but it did not make it in time for Emacs 28.2. We > > have many Emacs users who would like to > > upgrade to 28. What would be the effort to back port this fix and > > do an Emacs 28.3 release? >=20 > Unfortunately, we don't have the resources to produce another v28.x > release.=C2=A0 Emacs 29.1 will start its pretest soon, and will have this > issue resolved when it is released, hopefully in a couple of months. >=20 > Alternatively, you could ask the distro which you are using (if you > are using a distro) to backport that patch to the Emacs 28 codebase. > Or patch the sources yourself and build Emacs, if that is how you > produce the binaries. >=20 Hi, I can fix the CVE-2022-45939, this is a patch. Eli, can you merge into emacs-28 branch? --=-nKH7LaXdMfF/x3awfIan Content-Disposition: attachment; filename="0001-lib-src-etags.c-Fix-CVE-2022-45939.patch" Content-Transfer-Encoding: base64 Content-Type: text/x-patch; name="0001-lib-src-etags.c-Fix-CVE-2022-45939.patch"; charset="UTF-8" RnJvbSA2MzdkNTcyODJhYjMzMmFiYmJmZWQyNzAwMGNkZjZkYmY5ZWNkMjBlIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBYaSBMdSA8bHhAc2hlbGxjb2Rlcy5vcmc+CkRhdGU6IFR1ZSwg MTQgRmViIDIwMjMgMTI6NTg6MDQgKzA4MDAKU3ViamVjdDogW1BBVENIXSA7ICogbGliLXNyYy9l dGFncy5jOiBGaXggQ1ZFLTIwMjItNDU5MzkuCgotLS0KIGxpYi1zcmMvZXRhZ3MuYyB8IDE0OSAr KysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKysrKystLS0tLS0tLS0tLS0KIDEgZmlsZSBj aGFuZ2VkLCAxMTMgaW5zZXJ0aW9ucygrKSwgMzYgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEv bGliLXNyYy9ldGFncy5jIGIvbGliLXNyYy9ldGFncy5jCmluZGV4IGY2NjVmMzVmYTYwLi5jOWMz MjY5MTAxNiAxMDA2NDQKLS0tIGEvbGliLXNyYy9ldGFncy5jCisrKyBiL2xpYi1zcmMvZXRhZ3Mu YwpAQCAtMzgyLDcgKzM4Miw3IEBAICNkZWZpbmUgeHJuZXcob3AsIG4sIG0pICgob3ApID0geG5y ZWFsbG9jIChvcCwgbiwgKG0pICogc2l6ZW9mICoob3ApKSkKIAogc3RhdGljIGxhbmd1YWdlICpn ZXRfbGFuZ3VhZ2VfZnJvbV9sYW5nbmFtZSAoY29uc3QgY2hhciAqKTsKIHN0YXRpYyB2b2lkIHJl YWRsaW5lIChsaW5lYnVmZmVyICosIEZJTEUgKik7Ci1zdGF0aWMgcHRyZGlmZl90IHJlYWRsaW5l X2ludGVybmFsIChsaW5lYnVmZmVyICosIEZJTEUgKiwgY2hhciBjb25zdCAqKTsKK3N0YXRpYyBw dHJkaWZmX3QgcmVhZGxpbmVfaW50ZXJuYWwgKGxpbmVidWZmZXIgKiwgRklMRSAqLCBjaGFyIGNv bnN0ICosIGNvbnN0IGJvb2wpOwogc3RhdGljIGJvb2wgbm9jYXNlX3RhaWwgKGNvbnN0IGNoYXIg Kik7CiBzdGF0aWMgdm9pZCBnZXRfdGFnIChjaGFyICosIGNoYXIgKiopOwogc3RhdGljIHZvaWQg Z2V0X2xpc3B5X3RhZyAoY2hhciAqKTsKQEAgLTQwNiw3ICs0MDYsOSBAQCAjZGVmaW5lIHhybmV3 KG9wLCBuLCBtKSAoKG9wKSA9IHhucmVhbGxvYyAob3AsIG4sIChtKSAqIHNpemVvZiAqKG9wKSkp CiBzdGF0aWMgdm9pZCBwZm5vdGUgKGNoYXIgKiwgYm9vbCwgY2hhciAqLCBwdHJkaWZmX3QsIGlu dG1heF90LCBpbnRtYXhfdCk7CiBzdGF0aWMgdm9pZCBpbnZhbGlkYXRlX25vZGVzIChmZGVzYyAq LCBub2RlICoqKTsKIHN0YXRpYyB2b2lkIHB1dF9lbnRyaWVzIChub2RlICopOworc3RhdGljIHZv aWQgY2xlYW5fbWF0Y2hlZF9maWxlX3RhZyAoY2hhciBjb25zdCAqIGNvbnN0LCBjaGFyIGNvbnN0 ICogY29uc3QpOwogCitzdGF0aWMgdm9pZCBkb19tb3ZlX2ZpbGUgKGNvbnN0IGNoYXIgKiwgY29u c3QgY2hhciAqKTsKIHN0YXRpYyBjaGFyICpjb25jYXQgKGNvbnN0IGNoYXIgKiwgY29uc3QgY2hh ciAqLCBjb25zdCBjaGFyICopOwogc3RhdGljIGNoYXIgKnNraXBfc3BhY2VzIChjaGFyICopOwog c3RhdGljIGNoYXIgKnNraXBfbm9uX3NwYWNlcyAoY2hhciAqKTsKQEAgLTEzMzksNyArMTM0MSw3 IEBAIG1haW4gKGludCBhcmdjLCBjaGFyICoqYXJndikKIAkJICBpZiAocGFyc2luZ19zdGRpbikK IAkJICAgIGZhdGFsICgiY2Fubm90IHBhcnNlIHN0YW5kYXJkIGlucHV0ICIKIAkJCSAgICJBTkQg cmVhZCBmaWxlIG5hbWVzIGZyb20gaXQiKTsKLQkJICB3aGlsZSAocmVhZGxpbmVfaW50ZXJuYWwg KCZmaWxlbmFtZV9sYiwgc3RkaW4sICItIikgPiAwKQorCQkgIHdoaWxlIChyZWFkbGluZV9pbnRl cm5hbCAoJmZpbGVuYW1lX2xiLCBzdGRpbiwgIi0iLCBmYWxzZSkgPiAwKQogCQkgICAgcHJvY2Vz c19maWxlX25hbWUgKGZpbGVuYW1lX2xiLmJ1ZmZlciwgbGFuZyk7CiAJCX0KIAkgICAgICBlbHNl CkBAIC0xMzg3LDkgKzEzODksNiBAQCBtYWluIChpbnQgYXJnYywgY2hhciAqKmFyZ3YpCiAgIC8q IEZyb20gaGVyZSBvbiwgd2UgYXJlIGluIChDVEFHUyAmJiAhY3hyZWZfc3R5bGUpICovCiAgIGlm ICh1cGRhdGUpCiAgICAgewotICAgICAgY2hhciAqY21kID0KLQl4bWFsbG9jIChzdHJsZW4gKHRh Z2ZpbGUpICsgd2hhdGxlbl9tYXggKwotCQkgc2l6ZW9mICJtdi4uT1RBR1M7Z3JlcCAtRnYgJ1x0 XHQnIE9UQUdTID47cm0gT1RBR1MiKTsKICAgICAgIGZvciAoaSA9IDA7IGkgPCBjdXJyZW50X2Fy ZzsgKytpKQogCXsKIAkgIHN3aXRjaCAoYXJnYnVmZmVyW2ldLmFyZ190eXBlKQpAQCAtMTQwMCwx NyArMTM5OSw4IEBAIG1haW4gKGludCBhcmdjLCBjaGFyICoqYXJndikKIAkgICAgZGVmYXVsdDoK IAkgICAgICBjb250aW51ZTsJCS8qIHRoZSBmb3IgbG9vcCAqLwogCSAgICB9Ci0JICBjaGFyICp6 ID0gc3RwY3B5IChjbWQsICJtdiAiKTsKLQkgIHogPSBzdHBjcHkgKHosIHRhZ2ZpbGUpOwotCSAg eiA9IHN0cGNweSAoeiwgIiBPVEFHUztncmVwIC1GdiAnXHQiKTsKLQkgIHogPSBzdHBjcHkgKHos IGFyZ2J1ZmZlcltpXS53aGF0KTsKLQkgIHogPSBzdHBjcHkgKHosICJcdCcgT1RBR1MgPiIpOwot CSAgeiA9IHN0cGNweSAoeiwgdGFnZmlsZSk7Ci0JICBzdHJjcHkgKHosICI7cm0gT1RBR1MiKTsK LQkgIGlmIChzeXN0ZW0gKGNtZCkgIT0gRVhJVF9TVUNDRVNTKQotCSAgICBmYXRhbCAoImZhaWxl ZCB0byBleGVjdXRlIHNoZWxsIGNvbW1hbmQiKTsKKyAgICAgICAgICBjbGVhbl9tYXRjaGVkX2Zp bGVfdGFnICh0YWdmaWxlLCBhcmdidWZmZXJbaV0ud2hhdCk7CiAJfQotICAgICAgZnJlZSAoY21k KTsKICAgICAgIGFwcGVuZF90b190YWdmaWxlID0gdHJ1ZTsKICAgICB9CiAKQEAgLTE0MzksNiAr MTQyOSw1MSBAQCBtYWluIChpbnQgYXJnYywgY2hhciAqKmFyZ3YpCiAgIHJldHVybiBFWElUX1NV Q0NFU1M7CiB9CiAKKy8qCisgKiBFcXVpdmFsZW50IHRvOiBtdiB0YWdzIE9UQUdTO2dyZXAgLUZ2 ICcgZmlsZW5hbWUgJyBPVEFHUyA+dGFncztybSBPVEFHUworICovCitzdGF0aWMgdm9pZAorY2xl YW5fbWF0Y2hlZF9maWxlX3RhZyAoY29uc3QgY2hhciogdGFnZmlsZSwgY29uc3QgY2hhciogbWF0 Y2hfZmlsZV9uYW1lKQoreworICBGSUxFICpvdGFnc19mID0gZm9wZW4gKCJPVEFHUyIsICJ3YiIp OworICBGSUxFICp0YWdfZiA9IGZvcGVuICh0YWdmaWxlLCAicmIiKTsKKworICBpZiAob3RhZ3Nf ZiA9PSBOVUxMKQorICAgIHBmYXRhbCAoIk9UQUdTIik7CisKKyAgaWYgKHRhZ19mID09IE5VTEwp CisgICAgcGZhdGFsICh0YWdmaWxlKTsKKworICBpbnQgYnVmX2xlbiA9IHN0cmxlbiAobWF0Y2hf ZmlsZV9uYW1lKSArIHNpemVvZiAoIlx0XHQgIikgKyAxOworICBjaGFyICpidWYgPSB4bWFsbG9j IChidWZfbGVuKTsKKyAgc25wcmludGYgKGJ1ZiwgYnVmX2xlbiwgIlx0JXNcdCIsIG1hdGNoX2Zp bGVfbmFtZSk7CisKKyAgbGluZWJ1ZmZlciBsaW5lOworICBsaW5lYnVmZmVyX2luaXQgKCZsaW5l KTsKKyAgd2hpbGUgKHJlYWRsaW5lX2ludGVybmFsICgmbGluZSwgdGFnX2YsIHRhZ2ZpbGUsIHRy dWUpID4gMCkKKyAgICB7CisgICAgICBpZiAoZmVycm9yICh0YWdfZikpCisgICAgICAgIHBmYXRh bCAodGFnZmlsZSk7CisKKyAgICAgIGlmIChzdHJzdHIgKGxpbmUuYnVmZmVyLCBidWYpID09IE5V TEwpCisgICAgICAgIHsKKyAgICAgICAgICBmcHJpbnRmIChvdGFnc19mLCAiJXNcbiIsIGxpbmUu YnVmZmVyKTsKKyAgICAgICAgICBpZiAoZmVycm9yICh0YWdfZikpCisgICAgICAgICAgICBwZmF0 YWwgKHRhZ2ZpbGUpOworICAgICAgICB9CisgICAgfQorICBmcmVlIChidWYpOworICBmcmVlIChs aW5lLmJ1ZmZlcik7CisKKyAgaWYgKGZjbG9zZSAob3RhZ3NfZikgPT0gRU9GKQorICAgIHBmYXRh bCAoIk9UQUdTIik7CisKKyAgaWYgKGZjbG9zZSAodGFnX2YpID09IEVPRikKKyAgICBwZmF0YWwg KHRhZ2ZpbGUpOworCisgIGRvX21vdmVfZmlsZSAoIk9UQUdTIiwgdGFnZmlsZSk7CisgIHJldHVy bjsKK30KIAogLyoKICAqIFJldHVybiBhIGNvbXByZXNzb3IgZ2l2ZW4gdGhlIGZpbGUgbmFtZS4g IElmIEVYVFBUUiBpcyBub24temVybywKQEAgLTE4MjIsNyArMTg1Nyw3IEBAIGZpbmRfZW50cmll cyAoRklMRSAqaW5mKQogCiAgIC8qIEVsc2UgbG9vayBmb3Igc2hhcnAtYmFuZyBhcyB0aGUgZmly c3QgdHdvIGNoYXJhY3RlcnMuICovCiAgIGlmIChwYXJzZXIgPT0gTlVMTAotICAgICAgJiYgcmVh ZGxpbmVfaW50ZXJuYWwgKCZsYiwgaW5mLCBpbmZpbGVuYW1lKSA+IDAKKyAgICAgICYmIHJlYWRs aW5lX2ludGVybmFsICgmbGIsIGluZiwgaW5maWxlbmFtZSwgZmFsc2UpID4gMAogICAgICAgJiYg bGIubGVuID49IDIKICAgICAgICYmIGxiLmJ1ZmZlclswXSA9PSAnIycKICAgICAgICYmIGxiLmJ1 ZmZlclsxXSA9PSAnIScpCkBAIC02ODYxLDcgKzY4OTYsNyBAQCBhbmFseXplX3JlZ2V4IChjaGFy ICpyZWdleF9hcmcpCiAJaWYgKHJlZ2V4ZnAgPT0gTlVMTCkKIAkgIHBmYXRhbCAocmVnZXhmaWxl KTsKIAlsaW5lYnVmZmVyX2luaXQgKCZyZWdleGJ1Zik7Ci0Jd2hpbGUgKHJlYWRsaW5lX2ludGVy bmFsICgmcmVnZXhidWYsIHJlZ2V4ZnAsIHJlZ2V4ZmlsZSkgPiAwKQorCXdoaWxlIChyZWFkbGlu ZV9pbnRlcm5hbCAoJnJlZ2V4YnVmLCByZWdleGZwLCByZWdleGZpbGUsIGZhbHNlKSA+IDApCiAJ ICBhbmFseXplX3JlZ2V4IChyZWdleGJ1Zi5idWZmZXIpOwogCWZyZWUgKHJlZ2V4YnVmLmJ1ZmZl cik7CiAJaWYgKGZjbG9zZSAocmVnZXhmcCkgIT0gMCkKQEAgLTcyMDksMTEgKzcyNDQsMTMgQEAg Z2V0X2xpc3B5X3RhZyAocmVnaXN0ZXIgY2hhciAqYnApCiAKIC8qCiAgKiBSZWFkIGEgbGluZSBv ZiB0ZXh0IGZyb20gYHN0cmVhbScgaW50byBgbGJwJywgZXhjbHVkaW5nIHRoZQotICogbmV3bGlu ZSBvciBDUi1OTCwgaWYgYW55LiAgUmV0dXJuIHRoZSBudW1iZXIgb2YgY2hhcmFjdGVycyByZWFk IGZyb20KLSAqIGBzdHJlYW0nLCB3aGljaCBpcyB0aGUgbGVuZ3RoIG9mIHRoZSBsaW5lIGluY2x1 ZGluZyB0aGUgbmV3bGluZS4KKyAqIG5ld2xpbmUgb3IgQ1ItTkwgKGlmIGBsZWF2ZV9jcmAgaXMg ZmFsc2UpLCBpZiBhbnkuICBSZXR1cm4gdGhlCisgKiBudW1iZXIgb2YgY2hhcmFjdGVycyByZWFk IGZyb20gYHN0cmVhbScsIHdoaWNoIGlzIHRoZSBsZW5ndGgKKyAqIG9mIHRoZSBsaW5lIGluY2x1 ZGluZyB0aGUgbmV3bGluZS4KICAqCi0gKiBPbiBET1Mgb3IgV2luZG93cyB3ZSBkbyBub3QgY291 bnQgdGhlIENSIGNoYXJhY3RlciwgaWYgYW55IGJlZm9yZSB0aGUKLSAqIE5MLCBpbiB0aGUgcmV0 dXJuZWQgbGVuZ3RoOyB0aGlzIG1pcnJvcnMgdGhlIGJlaGF2aW9yIG9mIEVtYWNzIG9uIHRob3Nl CisgKiBPbiBET1Mgb3IgV2luZG93cywgaWYgYGxlYXZlX2NyYCBpcyBmYWxzZSwgd2UgZG8gbm90 IGNvdW50IHRoZQorICogQ1IgY2hhcmFjdGVyLCBpZiBhbnkgYmVmb3JlIHRoZSBOTCwgaW4gdGhl IHJldHVybmVkIGxlbmd0aDsKKyAqIHRoaXMgbWlycm9ycyB0aGUgYmVoYXZpb3Igb2YgRW1hY3Mg b24gdGhvc2UKICAqIHBsYXRmb3JtcyAoZm9yIHRleHQgZmlsZXMsIGl0IHRyYW5zbGF0ZXMgQ1It TkwgdG8gTkwgYXMgaXQgcmVhZHMgaW4gdGhlCiAgKiBmaWxlKS4KICAqCkBAIC03MjIxLDcgKzcy NTgsNyBAQCBnZXRfbGlzcHlfdGFnIChyZWdpc3RlciBjaGFyICpicCkKICAqIGFwcGVuZGVkIHRv IGBmaWxlYnVmJy4KICAqLwogc3RhdGljIHB0cmRpZmZfdAotcmVhZGxpbmVfaW50ZXJuYWwgKGxp bmVidWZmZXIgKmxicCwgRklMRSAqc3RyZWFtLCBjaGFyIGNvbnN0ICpmaWxlbmFtZSkKK3JlYWRs aW5lX2ludGVybmFsIChsaW5lYnVmZmVyICpsYnAsIEZJTEUgKnN0cmVhbSwgY2hhciBjb25zdCAq ZmlsZW5hbWUsIGNvbnN0IGJvb2wgbGVhdmVfY3IpCiB7CiAgIGNoYXIgKmJ1ZmZlciA9IGxicC0+ YnVmZmVyOwogICBjaGFyICpwID0gbGJwLT5idWZmZXI7CkBAIC03MjUxLDE5ICs3Mjg4LDE5IEBA IHJlYWRsaW5lX2ludGVybmFsIChsaW5lYnVmZmVyICpsYnAsIEZJTEUgKnN0cmVhbSwgY2hhciBj b25zdCAqZmlsZW5hbWUpCiAJICBicmVhazsKIAl9CiAgICAgICBpZiAoYyA9PSAnXG4nKQotCXsK LQkgIGlmIChwID4gYnVmZmVyICYmIHBbLTFdID09ICdccicpCi0JICAgIHsKLQkgICAgICBwIC09 IDE7Ci0JICAgICAgY2hhcnNfZGVsZXRlZCA9IDI7Ci0JICAgIH0KLQkgIGVsc2UKLQkgICAgewot CSAgICAgIGNoYXJzX2RlbGV0ZWQgPSAxOwotCSAgICB9Ci0JICAqcCA9ICdcMCc7Ci0JICBicmVh azsKLQl9CisgICAgICAgIHsKKyAgICAgICAgICBpZiAoIWxlYXZlX2NyICYmIHAgPiBidWZmZXIg JiYgcFstMV0gPT0gJ1xyJykKKyAgICAgICAgICAgIHsKKyAgICAgICAgICAgICAgcCAtPSAxOwor ICAgICAgICAgICAgICBjaGFyc19kZWxldGVkID0gMjsKKyAgICAgICAgICAgIH0KKyAgICAgICAg ICBlbHNlCisgICAgICAgICAgICB7CisgICAgICAgICAgICAgIGNoYXJzX2RlbGV0ZWQgPSAxOwor ICAgICAgICAgICAgfQorICAgICAgICAgICpwID0gJ1wwJzsKKyAgICAgICAgICBicmVhazsKKyAg ICAgICAgfQogICAgICAgKnArKyA9IGM7CiAgICAgfQogICBsYnAtPmxlbiA9IHAgLSBidWZmZXI7 CkBAIC03Mjk0LDcgKzczMzEsNyBAQCByZWFkbGluZV9pbnRlcm5hbCAobGluZWJ1ZmZlciAqbGJw LCBGSUxFICpzdHJlYW0sIGNoYXIgY29uc3QgKmZpbGVuYW1lKQogcmVhZGxpbmUgKGxpbmVidWZm ZXIgKmxicCwgRklMRSAqc3RyZWFtKQogewogICBsaW5lY2hhcm5vID0gY2hhcm5vOwkJLyogdXBk YXRlIGdsb2JhbCBjaGFyIG51bWJlciBvZiBsaW5lIHN0YXJ0ICovCi0gIHB0cmRpZmZfdCByZXN1 bHQgPSByZWFkbGluZV9pbnRlcm5hbCAobGJwLCBzdHJlYW0sIGluZmlsZW5hbWUpOworICBwdHJk aWZmX3QgcmVzdWx0ID0gcmVhZGxpbmVfaW50ZXJuYWwgKGxicCwgc3RyZWFtLCBpbmZpbGVuYW1l LCBmYWxzZSk7CiAgIGxpbmVubyArPSAxOwkJCS8qIGluY3JlbWVudCBnbG9iYWwgbGluZSBudW1i ZXIgKi8KICAgY2hhcm5vICs9IHJlc3VsdDsJCS8qIGluY3JlbWVudCBnbG9iYWwgY2hhciBudW1i ZXIgKi8KIApAQCAtNzY1Miw2ICs3Njg5LDQ2IEBAIGV0YWdzX21rdG1wICh2b2lkKQogICByZXR1 cm4gdGVtcGx0OwogfQogCitzdGF0aWMgdm9pZAorZG9fbW92ZV9maWxlKGNvbnN0IGNoYXIgKnNy Y19maWxlLCBjb25zdCBjaGFyICpkc3RfZmlsZSkKK3sKKyAgaWYgKHJlbmFtZSAoc3JjX2ZpbGUs IGRzdF9maWxlKSA9PSAwKQorICAgIHJldHVybjsKKworICBGSUxFICpzcmNfZiA9IGZvcGVuIChz cmNfZmlsZSwgInJiIik7CisgIEZJTEUgKmRzdF9mID0gZm9wZW4gKGRzdF9maWxlLCAid2IiKTsK KworICBpZiAoc3JjX2YgPT0gTlVMTCkKKyAgICBwZmF0YWwgKHNyY19maWxlKTsKKworICBpZiAo ZHN0X2YgPT0gTlVMTCkKKyAgICBwZmF0YWwgKGRzdF9maWxlKTsKKworICBpbnQgYzsKKyAgd2hp bGUgKChjID0gZmdldGMgKHNyY19mKSkgIT0gRU9GKQorICAgIHsKKyAgICAgIGlmIChmZXJyb3Ig KHNyY19mKSkKKyAgICAgICAgcGZhdGFsIChzcmNfZmlsZSk7CisKKyAgICAgIGlmIChmZXJyb3Ig KGRzdF9mKSkKKyAgICAgICAgcGZhdGFsIChkc3RfZmlsZSk7CisKKyAgICAgIGlmIChmcHV0YyAo YywgZHN0X2YpID09IEVPRikKKyAgICAgICAgcGZhdGFsICgiY2Fubm90IHdyaXRlIik7CisgICAg fQorCisgIGlmIChmY2xvc2UgKHNyY19mKSA9PSBFT0YpCisgICAgcGZhdGFsIChzcmNfZmlsZSk7 CisKKyAgaWYgKGZjbG9zZSAoZHN0X2YpID09IEVPRikKKyAgICBwZmF0YWwgKGRzdF9maWxlKTsK KworICBpZiAodW5saW5rIChzcmNfZmlsZSkgPT0gLTEpCisgICAgcGZhdGFsICgidW5saW5rIGVy cm9yIik7CisKKyAgcmV0dXJuOworfQorCiAvKiBSZXR1cm4gYSBuZXdseSBhbGxvY2F0ZWQgc3Ry aW5nIGNvbnRhaW5pbmcgdGhlIGZpbGUgbmFtZSBvZiBGSUxFCiAgICByZWxhdGl2ZSB0byB0aGUg YWJzb2x1dGUgZGlyZWN0b3J5IERJUiAod2hpY2ggc2hvdWxkIGVuZCB3aXRoIGEgc2xhc2gpLiAq Lwogc3RhdGljIGNoYXIgKgotLSAKMi4zOS4xCgo= --=-nKH7LaXdMfF/x3awfIan--